Day 1 - Preparation: Policies, Management Support, and User Awareness

October is Cyber Security Awareness Month and, as we announced earlier, we are going to use this month to solicit tips for proper incident handling.

The SANS Institute teaches a six-step process:

1.  Preparation
2.  Identification
3.  Containment
4.  Eradication
5.  Recovery
6.  Lessons Learned

Preparation is the first step, and most of us know that if you are unprepared then it's nearly impossible to handle an incident properly. For the rest of this week we will focus on the elements of preparation. To kick off the month, send us your ideas via the contact page on how you develop policies, how you engage management support, and how you raise user awareness. We'll add the best ideas to this diary throughout the day.

Thanks and Happy Cyber Security Awareness Month!!

Marcus H. Sachs
Director, SANS Internet Storm Center


ISC Handler
Oct 1st 2008
Comment on Handler Steve's suggestions for formulating incident response. There are a whole lot of us (particularly in education) who are one-man shops -- and many of us (like myself) who were pressed into IT / computers because we happened to know more than anyone else -- as much info / detail as can be provided would be a huge help -- I'm puzzling this out one incident at a time -- Nimda was my first -- YUCK!
